qemu-devel.nongnu.org archive mirror
From: Hans de Goede <hdegoede@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: Hans de Goede <hdegoede@redhat.com>, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 13/17] uhci: Detect guest td re-use
Date: Wed, 24 Oct 2012 18:31:16 +0200
Message-ID: <1351096280-9518-14-git-send-email-hdegoede@redhat.com>
In-Reply-To: <1351096280-9518-1-git-send-email-hdegoede@redhat.com>

A td can be reused by the guest in a different queue, before we notice
the original queue has been unlinked. So search for tds by addr only, detect
guest td reuse, and cancel the original queue. This is necessary to keep our
packet ids unique.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
 hw/usb/hcd-uhci.c | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index 0984bee..c4f2f98 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -319,28 +319,18 @@ static void uhci_async_cancel_all(UHCIState *s)
     }
 }
 
-static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr,
-                                     UHCI_TD *td)
+static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr)
 {
-    uint32_t token = uhci_queue_token(td);
     UHCIQueue *queue;
     UHCIAsync *async;
 
     QTAILQ_FOREACH(queue, &s->queues, next) {
-        if (queue->token == token) {
-            break;
-        }
-    }
-    if (queue == NULL) {
-        return NULL;
-    }
-
-    QTAILQ_FOREACH(async, &queue->asyncs, next) {
-        if (async->td_addr == td_addr) {
-            return async;
+        QTAILQ_FOREACH(async, &queue->asyncs, next) {
+            if (async->td_addr == td_addr) {
+                return async;
+            }
         }
     }
-
     return NULL;
 }
 
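Review bot: uhci_async_find_td() now returns the first UHCIAsync whose td_addr matches across all of s->queues, so it silently relies on there being at most one pending async per td_addr in the whole controller. That invariant deserves a comment above the function, since the old token check that used to narrow the search is gone and the caller is what enforces uniqueness. The lookup is also now a nested walk over every queue and every async for each TD handled, which is worth a mention in the commit message.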
@@ -805,11 +795,21 @@ out:
 static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
                           UHCI_TD *td, uint32_t td_addr, uint32_t *int_mask)
 {
-    UHCIAsync *async;
     int len = 0, max_len;
     bool spd;
     bool queuing = (q != NULL);
     uint8_t pid = td->token & 0xff;
+    UHCIAsync *async = uhci_async_find_td(s, td_addr);
+
+    if (async) {
+        if (uhci_queue_verify(async->queue, qh_addr, td, td_addr, queuing)) {
+            assert(q == NULL || q == async->queue);
+            q = async->queue;
+        } else {
+            uhci_queue_free(async->queue, "guest re-used pending td");
+            async = NULL;
+        }
+    }
 
     if (q == NULL) {
         q = uhci_queue_find(s, td);
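Review bot: in the else branch, uhci_queue_free(async->queue, "guest re-used pending td") clears async but leaves q untouched, so when the caller passed a non-NULL q that is the same queue as async->queue, q still points at the queue that was just handed to uhci_queue_free and the following `if (q == NULL)` does not re-look it up. Setting q = NULL in that case (and letting uhci_queue_find run again) would avoid carrying a stale pointer forward. Separately, `assert(q == NULL || q == async->queue);` is evaluated on state derived from guest-written TDs; if a guest can ever make it false the whole process aborts, so treating a mismatch like the else branch (cancel the queue) would be safer than asserting.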
@@ -831,7 +831,6 @@ static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
         return TD_RESULT_NEXT_QH;
     }
 
-    async = uhci_async_find_td(s, td_addr, td);
     if (async) {
         /* Already submitted */
         async->queue->valid = 32;
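Review bot: with the lookup removed here, the `async` tested at `if (async)` is the pointer fetched at the top of uhci_handle_td(), so it has to stay valid across everything in between, including the path ending in `return TD_RESULT_NEXT_QH;`. If any of that intervening code can free or cancel a queue, `async->queue->valid = 32;` would touch a stale object. A short comment at the top-of-function lookup stating that nothing before this point frees the async's queue would make the assumption explicit.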
-- 
1.7.12.1
